Latest wireless standard may be less secure
A paper written by a security expert claims the new Wi-Fi Protected Access (WPA) security standard may be less secure, in certain scenarios, than the wireless standard it was designed to replace.
In the paper, "Weakness in Passphrase Choice in WPA Interface," Robert Moskowitz, a senior technical director at ICSA Labs, part of TruSecure, describes a number of problems with the new WPA standard, including the ability of attackers to "sniff" critical information from wireless traffic and to discover the value of a wireless network's security key.
WPA is a new security standard based on work by the Institute of Electrical and Electronics Engineers Inc. (IEEE) on the 802.11i wireless security standard. WPA is intended to replace Wired Equivalent Privacy (WEP), the most common standard for securing data on wireless networks.
WPA offers a number of security improvements over WEP, including better data encryption and the ability to authenticate users on large networks using a separate authentication service such as Remote Authentication Dial-In User Service, before allowing them to join the network, according to the Wi-Fi Alliance, a wireless industry group.
The problems with WPA centre on the use of Pre-Shared Keys (PSKs), which are an alternative authentication tool for small businesses and home users that do not want to use a separate authentication server and full 802.1x key infrastructure, according to Moskowitz, who helped design the 802.11i wireless security standard and WPA.
